Sam,

I tripped over this bug but thought I didn't set things up properly. You've been teasing us with the next release for a while. Thanks for letting us know it's still on it's way.


Gary

On 02/03/2015 08:04 PM, Sam Clippinger via spamdyke-users wrote:
You're quite correct -- this is a bug in version 5.0.0. I've got it fixed in the next version, hopefully to be released very soon.

-- Sam Clippinger




On Feb 2, 2015, at 1:38 PM, Heiko Bornholdt via spamdyke-users <spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>> wrote:

Hi,

I’m trying to replace my Spamdyke 4.3 with 5.0. I want to disable SSLv3 because of POODLE.

I’m using Ubuntu 12.04 LTS and have Spamdyke compiled from source without any special configuration.

root@andromeda:~# spamdyke --version
spamdyke 5.0.0+TLS+CONFIGTEST+DEBUG (C)2014 Sam Clippinger, samc (at) silence (dot) org
http://www.spamdyke.org/

This is my run-script:
root@andromeda:~# cat /etc/service/qmail-relay-submit/run
#!/bin/sh
QMAILUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec tcpserver -v -HPR -u $QMAILUID -g $NOFILESGID 0 587 spamdyke -f /etc/spamdyke-587.conf /usr/sbin/qmail-smtpd 2>&1


I have problems with submitting messages via SMTP. I have debugged the problem with swaks and tcpdump, and so I have discovered, that with my configuration Spamdyke is sending incomplete SMTP answers.

From my local computer I run:
[heiko@dhcp-172-21-37-9 ~]$ swaks -t he...@bornholdt.it <mailto:he...@bornholdt.it> -f he...@andromeda.bornholdt.it <mailto:he...@andromeda.bornholdt.it> --server andromeda.bornholdt.it <http://andromeda.bornholdt.it/>:587 --auth --auth-user=heiko
Password: s3cr3t
=== Trying andromeda.bornholdt.it <http://andromeda.bornholdt.it/>:587... === Connected to andromeda.bornholdt.it <http://andromeda.bornholdt.it/>.
<-  220 andromeda.bornholdt.it <http://andromeda.bornholdt.it/> ESMTP
-> EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
<** Timeout (30 secs) waiting for server response
-> HELO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
<-  250 andromeda.bornholdt.it <http://andromeda.bornholdt.it/>
*** Host did not advertise authentication
-> QUIT
<-  221 andromeda.bornholdt.it <http://andromeda.bornholdt.it/>
=== Connection closed with remote host.

And on the server:
root@andromeda:~# tcpflow -i any -C -e port 587
tcpflow[9428]: listening on any
220 andromeda.bornholdt.it <http://andromeda.bornholdt.it/> ESMTP

EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local

250-andromeda.bornholdt.it <http://250-andromeda.bornholdt.it/>

250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN
250-STARTTLS


Nothing happens for 30 seconds and then the client aborts because of a timeout.

My configuration:
root@andromeda:~# cat /etc/spamdyke-587.conf
log-level=verbose
log-target=stderr
smtp-auth-level=always
smtp-auth-command=/usr/bin/checkvpw /usr/local/bin/heiko-smtp-auth-logger maildir
hostname-file=/var/lib/qmail/control/me
tls-level=smtp
tls-certificate-file=/etc/qmail/servercert.pem
tls-privatekey-file=/etc/qmail/servercert.pem
tls-cipher-list=kEDH:AESGCM:HIGH:+MEDIUM:TLSv1:+ALL:!RC4:!SEED:!IDEA:!RC2:!3DES:!DES:!MD5:!DSS:!aNULL:!eNULL:!ECDSA:!ECDH:!PSK:!SRP
tls-dhparams-file=/etc/ssl/private/dhparam2048.pem
qmail-morercpthosts-cdb=/var/lib/qmail/control/morercpthosts.cdb
qmail-rcpthosts-file=/dev/null


Log:
root@andromeda:~# cat /var/log/qmail/qmail-relay-submit/current | tai64nlocal
2015-02-02 18:33:29.206085500 tcpserver: status: 1/40
2015-02-02 18:33:29.206143500 tcpserver: pid 11591 from 134.100.17.1
2015-02-02 18:33:29.212386500 tcpserver: ok 11591 static.199.121.76.144.clients.your-server.de <http://clients.your-server.de/>:::ffff:144.76.121.199:587 :::ffff:134.100.17.1::57359 2015-02-02 18:33:29.213511500 spamdyke[11591]: ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver found: 2a01:4f8:0:a111::add:9898 2015-02-02 18:33:29.213579500 spamdyke[11591]: ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver found: 2a01:4f8:0:a102::add:9999 2015-02-02 18:33:29.213609500 spamdyke[11591]: ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver found: 2a01:4f8:0:a0a1::add:1010
2015-02-02 18:33:59.323577500 tcpserver: end 11591 status 0
2015-02-02 18:33:59.323578500 tcpserver: status: 0/40

I think, the problem is, that the server will send “250-STARTTLS” and not “250 STARTTLS” (missing hyphen). So the client thinks, that the message is not complete and waits for the next line.

Best regards,
Heiko
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
http://www.spamdyke.org/mailman/listinfo/spamdyke-users



_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Reply via email to